U.S. Senator Al Franken and Congressman Ed Markey have sent letters to Apple CEO Steve Jobs expressing concern over recent reports that Apple's iOS 4 maintains a database with detailed location information, while several European officials are planning investigations into the practice.

Security researchers sounded an alarm earlier this week over a database file in iOS 4 regularly logs the location of both the iPhone and 3G iPad. According to the researchers, the current version of the log began with the launch of iOS 4 last year, resulting in as many as "tens of thousands of data points" collected over the past year.

"What makes this issue worse is that the file is unencrypted and unprotected, and it's on any machine you've synched with your iOS device," wrote one researcher. "It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you've been over the last year, since iOS 4 was released."

The researchers did note, however, that they had yet to find evidence that the location data had been sent to anyone.

Senator Franken sent an open letter to Jobs on Tuesday, noting that the stored location information "raises serious privacy concerns."

"I read with concern a recent report by security researchers that Apple's iOS 4 operating system is secretly compiling its customers' location data in a file stored on iPhones, 3G iPads, and every computer that users used to "sync" their devices," Franken wrote.

Franken found the fact that the file is stored in an "unencrypted format" to be "even more worrisome."

"Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time," he continued. "It is entirely conceivable that malicious persons may create viruses to access this data from customers' iPhones, iPads, and desktop and laptop computers."

iPhone location data plotted | Source: O'Reilly Radar

Franken took particular issue with the possibility that underage users could be at risk, citing an analytics report that found 13 percent of iPhone users to be under the age of 18.

The senator concluded his letter with a series of questions for Apple. "Why does apple collect and compile this location data? Why did Apple choose to initiate tracking this data in its iOS 4 operating system?"

Franken also queried Apple on how the data is generated, why Apple chose not to encrypt it, whether the practice had been outlined in Apple's privacy policy and to whom the data had been disclosed.

Rep. Markey's letter closely resembles Franken's and includes a list of questions that Apple is to respond to by May 12. "I am concerned about this report and the consequences of this feature for individuals' privacy," he wrote.

According to The New York Times, the Italian Data Protection Authority has opened an investigation\t into Apple's data collection. CNIL, the French data protection authority, is currently in the process of verifying the location tracking practice and may also initiate an investigation.

Given the involvement of elected representatives, this week's privacy incident has taken on echoes of a controversy from last year. Last summer, two U.S. congressmen, including Rep. Markey, sent a letter to Apple after an erroneous and alarmist report claimed that Apple had changed its privacy policy to begin "collecting, sharing iPhone users' precise locations."

In fact, Apple had not changed its policy and was simply restating the privacy policy in its EULAs. Apple allows users to opt-out of location services on a system wide level or within specific apps. Those wishing to prevent iAd, the Apple-developed ad network, from accessing location data can visit an "Opt Out" URL from their device.

Apple general counsel Bruce Sewell responded to the congressmen with detailed explanations of Apple's privacy policy for location services. In the letter, Sewell noted that Apple keeps location data for six months to improve its iAd network. These databases must be updated continuously, Apple wrote.

However, recent findings from security researchers would appear to dispute that fact, since the database they discovered had location records that dated back almost a year.

The location file is nothing new, according to researcher Alex Levinson, who claims to have discovered the log months ago. Prior to iOS 4, the location data was stored in a /root/Library/caches/locationd folder, Levinson said.

John Gruber of Daring Fireball noted on Thursday that the tracking log appears to be an error. "My little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn't, either due to a bug or, more likely, an oversight," Gruber wrote.

Does the setting of location services affect what is saved in this db file?

I suspect this issue will be dealt with quickly and I'm less concerned about a file that shows roughly where I have been rather than precisely where I am right now. Just the same i will be glad when this is fixed.

I'm more keen on how the Government is tracking my whereabouts than what Apple's doing. I can pay cash for a Mac without raising suspicion unlike purchasing a plan ticket with cash which is a red flag.

Everyone in power wants to track those who have little power.

He's a mod so he has a few extra vBulletin privileges. That doesn't mean he should stop posting or should start acting like Digital Jesus.- SolipsismX

In reading through all the coverage of this topic during the last 48 hours I have a couple of questions: Is the Apple iPhone the only phone that collects and sends location information? Is it just a coincidence that this story broke on the day Apple was releasing their quarterly earnings?

Given Apple don't collect the data I don't quite get all the tin foil hat responses. I do get it that the data should be encrypted.

On the flip side, if this data was encrypted when other data isnt and it was discovered people would be claiming that Apple must be up to something otherwise they wouldnt have tried to hide it from us with encryption.

Quote:

Originally Posted by pjanders

In reading through all the coverage of this topic during the last 48 hours I have a couple of questions: Is the Apple iPhone the only phone that collects and sends location information? Is it just a coincidence that this story broke on the day Apple was releasing their quarterly earnings?

It doesnt appear to send the data anywhere.
All the others have a similar file, but they dont appear to be keeping the old cache.
I think it is a coincidence.

PS: My Mac make a lot of extra com.apple.quicktimex.plist.????? files for no apparent reason. They have some arbitrary alphanumerics where the question marks would be. I assume these are also oversights in OS X not removing caches.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

How can they be sure his father or someone else didnt do the FB update? How can they be sure he didnt write a script that will update his FB status from his fathers computer at a particular time? How do they do he didnt have an app phone with a VNC app that could access his fathers computer right before or after the robbery?

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

I think its great that the U.S. Government is concerned about the products we buy like the lead paint from china and don't worry about the clean water act. There are people, PEOPLE being tracked with a smart phone!

I think they really are not worried about the people or customers. Most of the government uses iOS devices so I feel they are more concerned that their actions and movements can be tracked. Because they lack the technology intelligence to shut it off the service for themselves they have to protect "The People" because we all know the government is looking out for our best interest.

... and hey when all else fails, divert attention from the big problems like our entire congress acts with an attitude of that of a 6 year old. Good Job Al. Go back to writing Jack Handy poems.

Love the whining, especially from the US Senate. They track everyone's whereabouts with The Patriot Act and suddenly they act as if a Locations service db for cellular tower triangulation and wifi is somehow the real privacy invasion.

Get real.

Telcos have allowed communications to be tapped for nearly 4 decades and this service everyone leverages for their applications is the big bad wolf?

Whine about today's Military GPS+ and the ability to see yourselves humping from Space. That seems to be ignored by all as ``for our own protection.''

1. No one seems to have noticed the "clients.plist" which is located in the same directory which lists all the various users of locations services, including apps. Each listing has a timestamp used by the app/website that matches a timestamp for the location used thats located in the consolidated.db!
Funny how the "researchers" missed that one.

2. I guess it is also a coincidence that the directory "locationd" in which these so called "hidden" files is located in the "Caches" directory. I wonder why that is? A red herring? I doubt it.

3. How exactly are these files hidden? When I tried to locate this "hidden" file, I found it very quickly and easily. If they were hidden, then no one would know they were there. They are as hidden as the SMS parts, or the Address book. I'm also going to raise a stink because my photos are being stored in a secret directory called "DCIM". It must be a conspiracy.

4. Lastly, in the original article, it is stated "that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file." Later the statement "the timing of the recording is erratic" is made. So which is it?

Cmon, guys, cut the sarcasm. Whether or not a Senator is the one asking-- frankly, who cares -- Apple darn well has a duty to answer what seems like a very reasonable bunch of questions that lots of people are asking.

Taking refuge in 'but everybody does it' is simply lame, and you know it. If that logic were applied across the board, Apple would be no different from from 'everybody' -- i.e., it wouldn't be Apple. I hold the company to a higher standard.

Someone senior from Apple should just come out and clarify immediately, and get it out of the way. I can bet that the EU, in particular, is going to be all over this in 24 hours. They take their privacy very seriously over there (unlike here in the US.)

It looks like the file that was discovered by Alasdair Allan [and] Pete Warden has existed since iOS 3 and has been known since the launch of iOS 4.

Under iOS 3, it was a .plist file called h-cells.plist, which was in /root/Library/caches/locationd and contained the same information as the iOS 4 file. With the sandbox design for third party applications and multitasking introduced in iOS 4, the file had to change in order to allow apps to access it.

It is now called consolidated.db and would only be used by applications requiring location services. A network traffic analysis of connections to Apple servers shows that the information contained in that file is not sent to Apple. Anyway, Californian law forbids Apple or anyone else to do so.

OK good- I am glad the senators are investigating a bug in iPhone software that is likely to be fixed shortly and can already be stopped by a program released on cydia.

Honestly I would be more worried about those jailbroken apps. I've have heard reports of some systems opening up all kinds of security holes in devices if things aren't handled right. An app could do what Apple doesn't and send you information out to a central database along with your phone number and who knows what else and you might never know it.

That kind of thing is way more worrisome than some file on your iphone that you can't directly access from the iphone or even the back up files without some kind of 3rd party tool

I downloaded the app to check out my own phone's data. I can tell you now that there is nothing precise about the locations stored in there. So many of the stories make it sound like the phone is tracking your every movement. In fact it is not.

I even downloaded the app source code and modified it to show a more detailed view of the plotted points. There were many points listed that I know for a fact I was nowhere near. My phone spends about 14 hours a day in my house. You know how many points were at my house? ZERO. The closest point was about a half mile away.

While I think Apple should be more careful when caching data like this, I also think the story has been WAY overblown.

I wish corrupt politicians like Al Franken would spend more time cleaning up government than jumping on the 'freak out' bandwagon.

But it still begs the question of why Apple cannot encrypt the data or find some means to let users know such a thing exists, and how one can manage it (e.g., as one might manage browsing history).

1) This wasnt some hidden file that was unknown to the world, it just didnt get the media attention until yesterday. Perhaps because of the associated app that brought to life the DB data.

2) They could encrypt it, but doesnt it say something about the non-nefarous nature of the file since its not encrypted? I think it does.

3) What about all the other unencrypted data in ~/Library/Application Support/MobileSync/Backup? I can access those files and see all sorts of stuff about my apps contacts and calander. Im sure if I took the time to parse the info I could see all my personal information. Why is that info less important from prying that have accessed your device or your personal account on your PC? I dont it it. I think that info is more important, so why isnt it under the same scrutiny?

4) Apple has a GUI to turn it on and off, let you choose which apps are using it, and lets you know when its being access and has been accessed. Why purpose would it serve to let you manually delete all the old location data? If there is some reason you need to hide your general location then you can wipe your phone but that sounds suspect

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

I have an Apple iPhone. every time i download an app. or program from apple iTunes store I am always asked if I will allow that app to pin point my location and keep tabs on my use of the application. There is a box bellow that you can mark your answer Yes or No. On my new iPhone 3GS I did notice that I can click on a photo in my picture album and see where the photo was taken. In that since I guess there is some sort of tracking involved. I know now a days most phones have a GPS tracker on them incase you are hurt or loss it can be used to locate you, if the phone is on. As far as tracking you with out the phone being activated, I haven't heard of that. You can be tracted throught cell towers but, only if your phone is on (I thought). My sugestion to those of you who are worried about being " tracked every where you go " just remember to, make sure when you kill your wife, drounding your friends, kidnap neighbors dogs, keep you phone turned off till you are out of the area.

Seriously, Ed just doesn't figure things out very well, and Al's used to being much more in the limelight than he's getting as a northwoods Senator. So let's fire off an open letter because, well shucks we just want every one of our respective constituents to know their tax money is at work. Even if it is on old, unaccurate, imprecise, open data that is not hidden, nor encrypted because there is so little of actual value to an abuser of said information.

Nice that the security team was able to generate a little media attention too, on the back of already known, discussed and resolved pseudo-issues.

If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one

1) This wasnt some hidden file that was unknown to the world, it just didnt get the media attention until yesterday. Perhaps because of the associated app that brought to life the DB data.

2) They could encrypt it, but doesnt it say something about the non-nefarous nature of the file since its not encrypted? I think it does.

3) What about all the other unencrypted data in ~/Library/Application Support/MobileSync/Backup? I can access those files and see all sorts of stuff about my apps contacts and calander. Im sure if I took the time to parse the info I could see all my personal information. Why is that info less important from prying that have accessed your device or your personal account on your PC? I dont it it. I think that info is more important, so why isnt it under the same scrutiny?

4) Apple has a GUI to turn it on and off, let you choose which apps are using it, and lets you know when its being access and has been accessed. Why purpose would it serve to let you manually delete all the old location data? If there is some reason you need to hide your general location then you can wipe your phone but that sounds suspect

I expected a better set of arguments from you.

1) Most of world, outside of a few geeks and techies, knew nothing about this until today. Add me to the list of those who didn't know.

2) Irrelevant. The concerns over nefariousness of use is not on the part of Apple. I have no clue what point you're trying to make here.

3) If other things deserve the 'same scrutiny,' sure, bring it up. Don't conflate issues with a lame argument along the lines of 'I am doing X which is wrong and no one rapped my knuckles, so why are they rapping my knuckles when doing Y, which is no different from X'. Perhaps both need to be addressed.

4) The GUI option seems like an all or nothing proposition. In any event, there would be no harm in Apple allowing a user to manage this. Indeed, one would assume that should be the default.

I predict lots of governments are going to be all over this. Lots of people might be doing it (a la the signal fade issue), but Apple will take it on the chin. That is the price of success. Better to get in front of it.

1) Most of world, outside of a few geeks and techies, knew nothing about this until today. Add me to the list of those who didn't know.

Most still don’t know and even less care.

Quote:

2) Irrelevant. The concerns over nefariousness of use is not on the part of Apple. I have no clue what point you're trying to make here.

My point should be clear. People claim Apple is surely tracking your data for some evil reason. I asked if they really wanted to do this why would they keep it unencrypted?

Quote:

3) If other things deserve the 'same scrutiny,' sure, bring it up. Don't conflate issues with a lame argument along the lines of 'I am doing X which is wrong and no one rapped my knuckles, so why are they rapping my knuckles when doing Y, which is no different from X'. Perhaps both need to be addressed.

As previously stated it has a reason to exist and other mobile OSes use them. That doesn’t make it right because others are doing t but it could make you wonder if there is a reason why this would be useful for a cell connected device. I wager the answer isn’t scandalous in any way, shape or form.

Tell me why you are fine with all that other data in ~/Library not being encrypted? You have mail, and attachments you think you deleted, you have 3rd-party app data, Safari history and cached pages, calendar, address book and all sort of other info. If you let someone get into you system that you’re fault. At least with iPhone backups can be encrypted.

Quote:

4) The GUI option seems like an all or nothing proposition. In any event, there would be no harm in Apple allowing a user to manage this. Indeed, one would assume that should be the default.

No, you can turn off Location Services for select apps.

Quote:

I predict lots of governments are going to be all over this. Lots of people might be doing it (a la the signal fade issue), but Apple will take it on the chin. That is the price of success. Better to get in front of it.

I agree with “getting in front of it.” Any bad press quickly gets blown out of proportion when it comes to Apple, just like the external antenna of the iPhone 4.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

Hmmm. I heard it on NBC Nighlty News, CBS Evening News, NPR ATC, and APM's Marketplace. I guess 'most people' must not watch or listen to this stuff.

Quote:

Originally Posted by solipsism

My point should be clear.

The fact that your point is 'clear' had little to do with the questions it was responding to.

I could tell you that it was windy today where I live. The point is clear, but you'd agree it's irrelevant vis-a-vis what you're trying to say.

Quote:

Originally Posted by solipsism

As previously stated it has a reason to exist and other mobile OSes use them......

Tell me why you are fine with all that other data in ~/Library not being encrypted?....

No, you can turn off .....

These are non-sequitirs. You're talking to yourself, and pretending you're having a conversation. You have not addressed a very simple issue I brought up: why Apple cannot let a user manage this. It's not rocket science.

Quote:

Originally Posted by solipsism

Most still dont know and even less care.
......
I agree with getting in front of it. Any bad press quickly gets blown out of proportion when it comes to Apple, just like the external antenna of the iPhone 4.

You just contradicted yourself, between your first sentence and last.

Got to call it a night. I've got a long day tomorrow. You can continue the conversation if you wish, but I have no further interest.

You have not addressed a very simple issue I brought up: why Apple cannot let a user manage this. It's not rocket science.

It’s a BS question. You’ve made the assumption that Apple can’t do this yet you haven’t addressed why they should let a user manually delete this particular cached data, why this database has no useful function on the phone, or why this data is more detrimental to a user than all the other visible data that exists in their system.

Read Pogue’s article for a view that isn’t written like the sky is falling.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

Cmon, guys, cut the sarcasm. Whether or not a Senator is the one asking-- frankly, who cares -- Apple darn well has a duty to answer what seems like a very reasonable bunch of questions that lots of people are asking.

Taking refuge in 'but everybody does it' is simply lame, and you know it. If that logic were applied across the board, Apple would be no different from from 'everybody' -- i.e., it wouldn't be Apple. I hold the company to a higher standard.

Someone senior from Apple should just come out and clarify immediately, and get it out of the way. I can bet that the EU, in particular, is going to be all over this in 24 hours. They take their privacy very seriously over there (unlike here in the US.)

This is Cook's first public PR crisis. Let's see how he handles it.

You're absolutely right. People here need to ask themselves the question, "if this had been done by Google or Microsoft, what would my reaction have been?"

Al Frankens questions are good. Id like to know for the sake of knowing but I dont think its some OMG I cant believe Apple is doing this scenario and I wont lose sleep thinking this file over all others is holding me hostage in a police state supported by Apple.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

I'd lay odds that any SatNav device has the same feature. I worked for one such vendor in the past and it was fairly routine for folks recovering a lost device to see exactly where it'd been in the previous 3 months. Only 3Mb of memory in the unit but enough room to even work out the driving speed every few seconds over that period.

Apple made headline news in Australia, i assume they're getting bad press all around the world.

Made headline news here in Germany as well... and it is still being categorized and headlined as an Apple -specific flaw... EVEN THOUGH all of the experts have weighed in to say it is the same with any and all "smart phones"... and specifically Android being the worst at saving, using, and SELLING privat information.

We have some pretty tight data privacy laws here, so it would be advised that Apple send out a quick update as soon as possible (like the one from Cydia) to avoid any unnecessary court-hearings and assorted troubles.

Knowing what you are talking about would help you understand why you are so wrong. By "Realistic" - AI Forum Member

How can they be sure his father or someone else didn’t do the FB update? How can they be sure he didn’t write a script that will update his FB status from his father’s computer at a particular time? How do they do he didn’t have an app phone with a VNC app that could access his father’s computer right before or after the robbery?

Dang it solipsism, how are the rest of us going to use that method to commit the perfect crime if you are giving it away? Now a simple google search will find this page and ruin it for the rest of us.

Actually it would be even simpler than if you were planning a crime - just have an accomplice sitting at your desk at home.

Maybe now facebook will require you use a fingerprint scanner or take a photo of yourself to authenticate your identity and location when posting.

I think its great that the U.S. Government is concerned about the products we buy like the lead paint from china and don't worry about the clean water act. There are people, PEOPLE being tracked with a smart phone!

I think they really are not worried about the people or customers. Most of the government uses iOS devices so I feel they are more concerned that their actions and movements can be tracked. Because they lack the technology intelligence to shut it off the service for themselves they have to protect "The People" because we all know the government is looking out for our best interest.

... and hey when all else fails, divert attention from the big problems like our entire congress acts with an attitude of that of a 6 year old. Good Job Al. Go back to writing Jack Handy poems.

That might be an interesting wikileak - hundreds of government officials who sync their iOS devices to their computer which gets backed up to a central server - archived to tape - and a cartridge that is not encrypted goes missing - someone plots all the data contained therein - which includes text messages etc - and finds the senator from this state spends an hour a week at that brothel - and the congressman from that state spends 4 hours a week at the horse track - etc.

I downloaded the app to check out my own phone's data. I can tell you now that there is nothing precise about the locations stored in there. So many of the stories make it sound like the phone is tracking your every movement. In fact it is not.

I even downloaded the app source code and modified it to show a more detailed view of the plotted points. There were many points listed that I know for a fact I was nowhere near. My phone spends about 14 hours a day in my house. You know how many points were at my house? ZERO. The closest point was about a half mile away.

While I think Apple should be more careful when caching data like this, I also think the story has been WAY overblown.

I wish corrupt politicians like Al Franken would spend more time cleaning up government than jumping on the 'freak out' bandwagon.

The data is not the location of your phone but rather the location of the cell tower which provided service to your phone - mine is weird - i spent about two days in Chicago and the iPhoneTracker heat map for that location shows a much larger blob that my home - near my home has way more data points - but they are spread out - I also have no data points at my house - could be that I use wireless rather than 3G at home - though I do have a MicroCell - on the other hand I generally don't use the GPS functions to find my house while I am in it - though it is the starting point for a number of GPS guided journeys.